taskmgr.exe trying to connect to the Internet

Yesterday I started getting ZoneAlarm alerts that taskmgr.exe is trying to access the Internet. The Program Control window says that this taskmgr.exe is a 45 KB file in c:\windows, but I can't find this file. The real taskmgr.exe is a larger program in c:\windows\system32.

Taskmgr.exe is trying to connect to various Comcast URLs. We have Comcast cable service, but the other computers on our home network do not try to make such connections... and we have a router that is between the computers and the cable modem.

I have run several Norton AntiVirus scans and Spybot spyware scans and they all say my computer is clean.

What is this alert all about? Why did it suddenly start popping up, when I don't think I made any recent changes to my system?

Thanks for any help.

- Andrew

Re: taskmgr.exe trying to connect to the Internet

Thanks for getting right back to me, Bill.

I tried removing this "taskmgr.exe" program from ZoneAlarm Program Control three times... and it came right back each time.

The latest alert said it's trying to access 68.87.69.146.

Under Alerts & Logs... there's a long list of taskmgr.exe attempts to send info out to a variety of web sites, including zonelabs.com and several comcast.net URLs.

This does look like a virus or spyware... but all my scans are coming up clean.

Also, I'm having trouble sharing files with other computers on our home network... even though the IP addresses are in the trusted zone.

Any other ideas?

Cheers,
Andrew

Re: taskmgr.exe trying to connect to the Internet

When you remove it from your Program List as you've said you've done, does it immediately add itself back without you doing anything? Also if you right click on it in your Programs List in ZA and then click on Properties, what information does it give you as to location, version, etc.

Re: taskmgr.exe trying to connect to the Internet

Bill,

Yes, the program reappears and again asks for access to the internet within seconds after I remove it from Program Control.

Under Entry Detail it says:

Product Name:
File Name: C:\WINDOWS\taskmgr.exe
Last policy update: Not applicable
Version:
Last modified date: 12/6/2005 19:35:46 (this is the first evening I got an alert)
File size: 45 KB (the real taskmgr.exe is over 100 KB)

I've searched my entire hard drive twice without finding the 45 KB taskmgr.exe file listed on the Program Control page. So there's nothing to scan or delete.

I've also used regedit to check my registry... and so far haven't found anything suspicious under the software/windows areas.

- Andrew

Re: taskmgr.exe trying to connect to the Internet

Bill,

Your suspicion was right. Taskmgr.exe is showing up twice in the processes list. Once under "ThinkPadUser" (the only active user name on this computer) and once under SYSTEM. The SYSTEM copy is not using any CPU and 1500 K memory, compared to 3 or 4% CPU and 5800 K for the ThinkPad User. So it looks like the SYSTEM one is the evil twin.

I tried ending the process. That stopped it momentarily... without disrupting the real Task Manager... but then it popped up again.

Sure looks like something is hiding that keeps reinstalling the program. I hope ZoneAlarm has kept it from sending any data... we've been clicking on deny... and the log shows its access attempts are being blocked.

I'm not familiar with the symptoms of a corrupt ZA database. Should we try uninstalling and reinstalling ZA?

Re: taskmgr.exe trying to connect to the Internet

I would not do a fresh install of ZA or a database reset right now. Instead I'd suggest you post a Hijack This log on a computer help forum that will better be able to tell you what might be going on. I'm not a Hijack This expert, but know it to be an excellent tool for identifying problems. You should only have one taskmgr.exe in your Task Manager and it is the one under ThinkPadUser.

Here is a link to download Hijack This. It comes in a small zip file and is freeware. You should extract all the files, run a scan with 'save the log' option. Once you get the log, post it on a help forum like Castle Cops under the Privacy section and subsection Hijack This. Do not try to do anything until one of their helpers responds.

Just for your information, when you run the log, look into the "04" section; you should not see taskmgr.exe there. If you do, something is not right. I'd like to follow your post, so when you do this, will you post back here so I can go over and look? Tell me your user name there as well. I'm BillC on that board.
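
The check the thread arrives at (a process named taskmgr.exe that does not run from c:\windows\system32 is not the real Task Manager) can be automated. The following Python is an added example, not code from any poster in this thread; the process snapshot, its PIDs and the function name `find_masquerades` are constructed for illustration, and the expected directory assumes the default C:\WINDOWS layout described above.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis host

# Assumption: default install layout, as on the machine in the thread.
EXPECTED_DIR = {"taskmgr.exe": r"C:\WINDOWS\system32"}

# Constructed process snapshot modelled on the thread (PIDs are made up).
# PIDs 3004 and 3120 are extra constructed rows for the case and no-path branches.
SNAPSHOT = [
    {"pid": 1432, "name": "taskmgr.exe", "user": "ThinkPadUser",
     "path": r"C:\WINDOWS\system32\taskmgr.exe"},
    {"pid": 2816, "name": "taskmgr.exe", "user": "SYSTEM",
     "path": r"C:\WINDOWS\taskmgr.exe"},
    {"pid": 3004, "name": "TASKMGR.EXE", "user": "ThinkPadUser",
     "path": r"c:\windows\System32\TASKMGR.EXE"},
    {"pid": 3120, "name": "taskmgr.exe", "user": "SYSTEM", "path": None},
    {"pid": 512, "name": "explorer.exe", "user": "ThinkPadUser",
     "path": r"C:\WINDOWS\explorer.exe"},
]


def _norm(path):
    # Windows paths are case-insensitive; fold case and collapse separators.
    return ntpath.normcase(ntpath.normpath(path))


def find_masquerades(processes, expected=EXPECTED_DIR):
    """Return (pid, user, reason) for processes that reuse a watched system
    binary's name but do not run from that binary's expected directory."""
    findings = []
    for proc in processes:
        name = proc["name"].lower()
        if name not in expected:
            continue  # not a name we are watching
        path = proc.get("path")
        if not path:
            # A hidden or unreadable image is itself worth a look.
            reason = "image path could not be read"
        elif _norm(ntpath.dirname(path)) != _norm(expected[name]):
            reason = "runs from " + ntpath.dirname(path)
        else:
            continue  # name and location both match the genuine binary
        findings.append((proc["pid"], proc["user"], reason))
    return findings


if __name__ == "__main__":
    for pid, user, reason in find_masquerades(SNAPSHOT):
        print(f"PID {pid} ({user}): {reason}")
```
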